SWF is not a loadable Module

Did you get this error using modules? This error means that you tried to load the module from a different server than the one the loader is running on, and/or you don’t have crossdomain.xml permission to load the module from that server.
Flash/Flex has a lot of security built in so that mean people can’t use Flash/Flex to do mean things to other servers. All SWFs therefore belong to the domain of the server where that SWF lives.
For example, if we’re running a SWF that lives at http://a.b.com/main.SWF, that SWF belongs to the domain “a.b.com”. If you try to load a SWF from somewhere else, such as http://c.b.com/module.SWF or http://e.f.org/module.SWF, then you are loading across domains.
The Flash Player will then look in the root directory of c.b.com or e.f.org for a file called crossdomain.xml, and see if a.b.com is listed in that file (or the file lists ‘*” which means “everybody”). If not, you cannot load the SWF as a module because, due to other security restrictions in the Flash Player, SWF loaded from another domain without crossdomain.xml permission go in a separate SecurityDomain, which means that it will have its own ApplicationDomain which means it cannot share classes with the main SWF and thus the ModuleManager can’t see the objects in the SWF as Modules.
Because this is a security-related issue, there are no real workarounds. You either have to make sure that your modules are in the same domain as the SWFs that load them, or you have to set up crossdomain.xml files so they can be used from SWFs in other domains. If you are trying to use a third-party module, you probably don’t have access to the third-party’s server and thus can’t add yourself as an accepted domain in their crossdomain.xml file. That’s annoying, but those are the rules. Server owners must either give explicit permission or decide to openly share SWFs resources on a server by listing your domain in crossdomain.xml or using ‘*”.

21 Responses to SWF is not a loadable Module

  1. Bryce says:

    I’m running into this error when I load up a swf. I understand the security/cross domain issues, but I’m loading the swf locally, from my bin.
    The weird thing is that I can load up a styled swf that I get from compiling a css file just fine. But with a swf that I have skinned using flash or illustrator, I get this error.
    I got the templates from http://www.adobe.com/devnet/flex/articles/flex_skins.html
    Any ideas why I would get this error only for skinned swfs, and not for styled swfs, even when they are sitting in the same directory?
    The swf that is giving me problems is here: http://skin.bryceb.staging.mediarain.com/flex_skins.swf Keep in mind, I’m not loading it from there, I’m only putting it there so you can see it.
    Any Ideas?
    flex_skins.swf is an application swf and not a module swf and thus you can’t load it via modules otherwise you’ll get that error. You can load it via SWFLoader or at a lower level using flash.display.Loader.
    Modules have special startup code to talk to the ModuleManager.

  2. Todd says:

    is there a way to load a remote SWF from the ModuleLoader when the loading SWF is local-with-network or local-trusted? every time I try this, the loaded module throws “LayoutContainer could not be found”
    Haven’t tried it. You probably have to specify the SecurityDomain as SecurityDomain.currentDomain in the LoaderContext. I would not expect it to work with local-trusted.

  3. Andrew Hamilton says:

    Perhaps it is worth noting that the crossdomain.xml file is related to the Flash player security model-only. The crossdomain.xml file does in no way protect the remote service api’s hosted from your server. The FlexGateway is just a binary protocol that ‘anyone’ can talk to if they know the api(perhaps by insider disclosure to an outsider). In other words, if you make a method remote in the ColdFusion server, your cross domain xml file does nothing to protect any server from talking your flex-gateway and invoking the API in question, it only stops a swf from a diff. domain from talking to your server thru execution in the flashplayer.
    I only suggest this because your initial article suggests that the crossdomain.xml file protects people from ‘using Flex to do mean things on other servers’. In this context Flash/Flex means something running in the FlashPlayer, not the Flex-Gateway on your server. That’s wide open if you have no other access-control scheme in place.
    Alex responds:
    Uh, ok. Flex generally means client code, not server stuff, but maybe this info will help someone else.

  4. Khaled says:

    I have developed an Application which calls several modules. This application runs successfully on Jrun 4 with built-in LCDS 2.5. But, when I migrate the application to Tomcat with built-in LCDS 2.6, I get error # 2036. Help is needed, please.
    Best regards
    Alex responds:
    I would ask on FlexCoders

  5. Ian Harrigan says:

    Hi there, im wondering if someone might be able to help me a little. Im having some real issues with security trying to load a module.
    First ill explain the setup. I have a .swf file that runs in the flash player on the desktop (not the browser). Then i have a module located on IIS (localhost:1111). I also have a crossdomain.xml file that *should* allow access from all (ie, ‘*’) however when i try to load the module i get a ‘SWF is not a loadable module’ error.
    If i have both the files in the same location it all works fine its just when they are in different domains it doesnt work. Any ideas what im doing wrong?
    PS: the loader (‘shell’) is in the localTrusted sandbox.
    Alex responds:
    Configuration like that aren’t supported because Modules must be in the same securitydomain, and crossdomain.xml has no effect for localTrusted sandboxes. Some folks use loadBytes to bring Modules in that situation. There are several discussions of that on FlexCoders

  6. RobMcM says:

    Hi Alex,
    I am trying to load a module into an AIR app from the app storage directory.
    I then want this module to be in a sandbox, with an exposed .parentSandboxBridge.
    Firstly I can’t seem to load a module in with a different application domain.
    I also can’t get the module to compile with loaderInfo.parentSandboxBridge as it’s a Flex swf not an AIR app (can you even make modules in AIR).
    Could you help at all?
    Alex responds:
    You must use Flex 3.2 to use different application domains. See the posts on the Marshall Plan.
    It is possible that AIR modules is not supported by the moduels feature of FlexBuilder. I haven’t tried it, but file a bug if you think it isn’t working.
    You should still be able to create another AIR app but use instead of and make a module that way, but you’ll have to manually manage link-reports and load-externs compiler options.

  7. Ryan Phelan says:

    I am getting this error intermittently when loading a style SWF using StyleManager.loadStyleDeclarations(). The SWF does reside on another domain, however that domain has a crossomain policy file which grants access. I know the policy file is working because a) subsequent calls to loadStyleDeclarations() are successful and b) I am also loading images from that server and accessing their BitmapData. I can also verify that the error occurs EVERY time if I disable the crossdomain policy file.
    Since I only get the error about 1 in 5 times, I’m guessing there is some sort of race condition going on here. Any ideas?

  8. Alex Harui says:

    Any chance you might be calling load before the policy file has been requested and returned?

  9. tomer doron says:

    we have a rather complex application that started throwing this error on an inconsistent manner. this started once we move to SDK 3.4, any changes that were done in 3.4 that may be causing this?

  10. Alex Harui says:

    Nothing comes to mind right now. What was the version you were running on before? Can you go back to that version and see if you still have problems?

  11. tomer doron says:

    thanks alex. upgraded from 3.3 to 3.4. 3.3 is fine if roll back to it. This is happening at a preloading stage of the application and it “smells” like a race condition. This is not a mixed domains situation and there is no policy file involved.

  12. Alex Harui says:

    Are the main app and the modules all on 3.4? You can’t mix versions with modules.
    Are you making several requests for the same module? I think there may be a bug out on that.

  13. tomer doron says:

    thanks alex, modules and application are all on 3.4, but, yes, there is a good chance that there are parallel requests to load the module. is this a known issue? if so, is there a know workaround?

  14. anoymous says:

    Hi Alex,
    Re: “Are you making several requests for the same module? I think there may be a bug out on that”
    Could you please explain what the bug is? and the solution to this.
    We are also facing this issue.We are making several requests for the same module. On the click of a link, we are supposed to a load a pop-window and load a module in the pop-up. But if the user clicks on the link multiple times (without waiting for the module to be loaded), we get this error.

  15. Alex Harui says:

    There is a bug on this issue. The fix was checked into the Flex 4 code base today. I don’t know of any workaround other than coming up with your own solution to prevent multiple calls to load()

  16. Alex Harui says:

    The bug is that if you make multiple calls to load() the handlers for that module may not fire. The only known workaround is to come up with your own scheme for making sure load() is called only once per module.

  17. Veeru says:

    Hi Alex,
    I have created a module and compiled the same.
    As a result Ive got a swf in my bin folder. When I tried running that swf its throwing an error : Module not found.
    Its not in any of the cross domains, its just in my Local.
    Please help me out of this issuue.

  18. Alex Harui says:

    That sounds like you haven’t specified the path to the module properly. If you have further questions, you’ll get faster response on the forums

  19. Now i am accessing this page via our Iphone4 and I can’t get the complete image to be able to load. I Basically assumed you should know.

  20. I want to create a site where it’s a one stop shop for stories and articles on a particular subject….as long as I give credit to the author or source will I be ok, I will not steal original content, but rather gather it…is this legal?.